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5 The invention relates to a method and device for 

authenticating a subscriber for utilizing services in a 
wireless LAN (WLAN) while using an IP multimedia 
subsystem (IMS) of a mobile radio network. 

10 Methods for authenticating WLAN subscribers in a mobile 
radio network are known from the journal x> Funks chau", 
issue 09/2002, pages 14-15, namely authentication via a 
NAI (Network Access Identifier) and optionally via a SIM 
card, and authentication using the IPv6 (Internet 

15 Protocol Version 6) and a so-called SIM-6 mechanism. In 
general, authentication of a wireless LAN subscriber is 
effected via an HTTP protocol. 

The object of this invention is to efficiently 
20 authenticate a subscriber of a wireless LAN who is also a 
mobile radio network subscriber, while utilizing services 
in a mobile radio network. 

The object is achieved according to the invention by the 
25 objects of the independent claims with reference to the 
method and device. Developments of the invention are 
specified in the subclaims. Authentication while using an 
IP multimedia subsystem, according to the invention, has 
the advantage that a subscriber is authenticated for any 
30 services that can be reached via the wireless LAN, 
without the installation of a separate server for 
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Claims 



1. Method for authenticating a subscriber MT (6) for 
utilizing services in a wireless LAN (WLAN) (10) while 

5 using an IP multimedia subsystem (IMS) (3), 

characterized in that 

a subscriber MT (6) who is to be authenticated and who is 
10 located at a location having WLAN coverage, receives an 
IP address from the WLAN (10) in an attributed manner, 
after which the subscriber authenticates himself to the 
IP multimedia subsystem (3) while giving this IP address, 
whereby an element (WAGW(2)) of the WLAN (10) is informed 
15 of the result of the authentication of the subscriber MT 
(6) with regard to the IMS (3). 

2. Method according to Claim 1, 

20 characterized in that 

a subscriber MT (6) of a wireless LAN (WLAN) is 
authenticated while using an IP multimedia subsystem 
(IMS) (3) of a mobile radio network. 

25 

3. Method according to one of the above claims, 
characterized in that 
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a subscriber MT (6) of a wireless LAN (WLAN) (10) in an 
IP multimedia subsystem (3) is authenticated while using 
an offline home subscriber system (HSS) (5) . 

5 4. Method according to one of the above claims, 

characterized in that 

a subscriber MT (6) in a wireless LAN (WLAN) (10) in an 
10 IP multimedia subsystem (3) is authenticated while using 
an authentication server (AAA server) . 

5. Method according to one of the above claims , 

15 characterized in that 

the key (Ki) used by the subscriber MT (6) to 
authenticate himself in the mobile communication network 
is also used for authentication in the wireless LAN 
20 (WLAN) (10) . 

6. Method according to one of the above claims, 
characterized in that 

25 

the subscriber MT (6) transmits, via the wireless LAN 
(10), an SIP register message to a device (CSCF) (4) of 
the IMS (3), which transmits a request for authentication 
of this IP multimedia subsystem (IMS) subscriber, using 
30 the mechanisms provided for an IP multimedia subsystem 
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(IMS) authentication, to the home subscriber system (HSS) 
(5), after which the home subscriber system (HSS) (5) 
authenticates the subscriber MT (6) using these 
mechanisms and communicates the result of the 
5 authentication to the wireless LAN access gateway (WAGW) 



7. Method according to one of the above claims, 
10 characterized in that 



an association is implemented between the subscriber 



purpose of transmitting and receiving via the radio 
15 interface between subscriber MT (6) and wireless LAN 
(WLAN) (10) . 

8. Method according to one of the above claims, 

20 characterized in that 

the subscriber terminal MT (6) receives an IP address 
from the address area of the wireless LAN (10), with 
which - together with all other IP transport-based data - 
25 it can transmit and receive SIP messages that transport 
authentication messages from and to the IP multimedia 
subsystem (IMS) (3) . 

9. Method according to one of the above claims, 



(2) . 



terminal MT (6) and the wireless LAN (WLAN) (10) for the 



30 
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characterized in that 



the access to services is controlled via a wireless LAN 
access gateway (WAGW) (2) , which monitors successful 
5 authentication in the IP multimedia subsystem (IMS) (3) . 



10. Method according to one of the above claims, 



characterized in that 

10 

the wireless LAN (WLAN) (10) is connected to the IP 
multimedia subsystem (IMS) (3) via a Gi interface. 

11. Method according to one of the above claims, 

15 

characterized in that 



the wireless LAN (WLAN) (10) is connected to the IP 
multimedia subsystem (IMS) (3) via an Mm interface, 

20 

12. Method according to one of the above claims, 



characterized in that 



25 the result of the authentication is fed to the wireless 
LAN access gateway (WAGW) (2) by a P-CSCF(l) (proxy-call 
state control function) /policy control function) at a 
location having WLAN coverage (hotspot) . 

30 13. Method according to Claim 9, 
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25 



characterized in that 

the wireless LAN (WLAN) (10) has a proxy-call state 
control function node (P-CSCF) (1) which forwards the SIP 
messages to the corresponding entity in the IP multimedia 
subsystem (SIP request) and controls the WLAN access 
gateway (WAGW) (2) with regard to the authentication 
result (SIP response) of the IP multimedia subsystem 
(IMS) (3). 

14. Method according to Claim 9, 
characterized in that 

instructions are provided to the WLAN access gateway 
(WAGW) (2) on the basis of the result of the 
authentication in the IP multimedia subsystem (3) , as to 
how the data traffic of a subscriber MT (6) is to be 
handled by the WLAN access gateway (WAGW) (2), in 
particular instructions regarding the blocking of data 
traffic . 

15. Method according to one of the above claims, 
characterized in that 

the proxy-call state control function (P-CSCF) (1), by 
means of a policy control function, controls the data 
traffic through the WLAN access gateway (WAGW) (2) and 
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grants, restricts, increases or declines the quantity 
and/or quality of the data flow of a subscriber MT (6) 
through the WLAN access gateway (WAGW) (2) . 

5 16. Method according to one of the above claims 

characterized in that 

the policy control function is part of the proxy-call 
10 state control function node (P-CSCF) (1) or is a separate 
unit . 

17. Method according to one of the above claims, 

15 characterized in that 

the result of the authentication is fed to the wireless 
LAN access gateway (WAGW) (2) by the CSCF (call state 
control function) (4) /policy control function in the IP 
20 multimedia subsystem (IMS) (3) . 

18. Method according to Claim 14, 
characterized in that 

25 

the call state control function node (CSCF) (4) of the IP 
multimedia subsystem (3) controls the WLAN access gateway 
(WAGW) (2) with regard to the authentication result of 
the IP multimedia subsystem (3) . 

30 
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19. Method according to Claim 15, 

characterized in that 

5 the proxy-call state control function (P-CSCF)(1), by 
means of a policy control function, controls the data 
traffic through the WLAN access gateway (WAGW) (2), and 
grants, restricts, increases or declines the quantity 
and/or quality of the data flow of a subscriber MT (6) 
10 through the WLAN access gateway (WAGW) (2) . 

20. Method according to Claim 15, 
characterized in that 

15 

a Go interface is installed between the call state 
control 

function node (CSCF) (4) of the IP multimedia subsystem 
(3) and the WLAN access gateway (WAGW) (2), for protected 
20 data transfer. 

21. Method according to one of the above claims, 
characterized in that 

25 

the authentication result is evaluated by expanded 
functionalities in the wireless LAN access gateway (WAGW) 
(2) . 

30 22. Method according to Claim 18, 
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characterized in that 

the authentication result received from the IP multimedia 
5 subsystem (IMS) (3) is converted by the WLAN access 

gateway (2), whereby said WLAN access gateway (2) allows 
subscriber data to pass through completely or with 
restrictions . 

10 23. Method according to Claim 19, 

characterized in that 

the evaluation of the authentication result (SIP 
15 messages) is implemented using an "application layer 
gateway" . 

24. Method according to one of the above claims, 

20 characterized in that 

the subscriber MT (6) of the wireless LAN (WLAN) (10) is 
also a subscriber of the mobile communication network. 

25 25. Method according to one of the above claims, 

characterized in that 
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the wireless LAN network (WLAN) is integrated into mobile 
communication networks with the help of ETSI HiperLan and 
IEEE 
802.11. 

26. Device for authenticating a subscriber MT (6) for 
utilizing services in a wireless LAN (WLAN) (10) with the 
help of an IP multimedia subsystem (IMS) (3), 



10 characterized in that 

a device constituting the proxy call state control 
function node (1) by means of the policy control function 
[a by an IP multimedia subsystem that (sic)] is 
15 configured such that an authentication result that is 

received is evaluated and the quantity and/or quality of 
the data flow through the WLAN access gateway (2) of a 
subscriber MT (6) is thus granted, restricted, increased 
or declined. 

20 

27. Device according to Claim 23, 



characterized in that 



25 the device constituting the proxy call state control 
function 

node (1) is a node in the WLAN (10) . 



30 



28. Device according to one of the above claims, 
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characterized in that 



the device constituting the proxy call state control 
function 

5 node (1) of the IP multimedia subsystem (3) is provided 
for controlling authentication in the WLAN (10) . 



29. Device according to one of the above claims, 



10 characterized in that 



the WLAN access gateway (2) has a device that is 
configured such that said device converts the 
authentication result which is received from the IP 
15 multimedia subsystem (3) , by allowing subscriber data to 
pass through completely or with restrictions. 
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